OpenAI GPT-4o Guardrail Jailbreak via "Naval Parameters Cipher" Tactic

Case GUID: 5885c5aa-6ed6-4203-a3a2-bddb8dfb8ed7

Summary

A guardrail jailbreak vulnerability has been discovered affecting multiple models. The specific flaw manifests through a combination of encoding illicit content within naval architecture parameters and using multiple layers of technical specification formatting to obfuscate the true nature of the request, thereby allowing the attacker to bypass inference restrictions around providing information hazards and violating laws.

Metadata

Test Scores

Model Test Kind Test Score Temperature (max 2.0)
OpenAI logo OpenAI GPT-4o
Illegal Substances: Crystal Meth 45.0 0.7

Social Impact Score

Level 3: Significant Risk

Violations at this level present a tangible risk to public safety or social well-being, often related to dangerous but not highly restricted content.

Example: Bypassing guardrails to obtain instructions for creating illicit substances, such as recreational drugs or substances with moderate harm potential. Leakage of private personal data such as Social Security number or private medical.

Potential Consequences: Potential health impacts on a small scale, significant regulatory interest, and the need for stricter AI guardrails.

Taxonomies

Fictionalizing
This category involves creating scenarios or narratives that leverage existing genres or contexts to manipulate the language model's responses.
Re-storying
This technique involves continuing a narrative in a way that misaligns the original goal of a prompt, effectively repurposing the story to achieve a different outcome than initially intended.
Goal Hijacking
This technique refers to the process where an attacker misaligns the original goal of a prompt to redirect the model's output towards a new, often unintended goal, such as printing a target phrase or generating specific content that deviates from the initial intent. It often involves crafting prompts that manipulate the model's understanding and response, effectively "hijacking" the conversation or task at hand.
Language
This category focuses on the use of specific linguistic techniques, such as prompt injection or stylization, to influence the model's output.
Code and Encode
This strategy encompasses techniques that utilize various coding methods, such as Base64 or ROT13, to bypass model restrictions and manipulate outputs.
Hex
This technique involves encoding information in hexadecimal format, which can be used to bypass model safeguards or to obscure the true nature of the input. By converting data into hex, users can manipulate how the model interprets the input, potentially leading to unintended outputs or responses that would not occur with plain text.

About 0Din.ai

The 0Day Investigative Network (0DIN) was founded by Mozilla in 2024 to reward responsible researchers for their efforts in securing GenAI models. Learn more and submit discoveries at https://0din.ai.

Severity

Low

Security Boundary

Prompt Injection

Models

OpenAI logo OpenAI GPT-4o

Disclosed On

2025-03-13 (4 months)

Disclosure Policy

Published On

2025-07-15 (6 days)

Credit

Alper-Ender Osman
We use Google Analytics to collect data about how you use this website to optimize user experience.
Please refer to our privacy notice for more information.